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WHAT IS CLAIMED IS: 

V 1. For use in a wireless network comprising a plurality of 
base\stations, each of said base stations capable of communicating 
with a^plurality of mobile stations, a security device capable of 
preventing an unprovisioned one of said plurality of mobile 
stations frorft accessing an Internet protocol (IP) data network 
through said wireless network, said security device comprising: 

a f irstX^controller capable of receiving from said 
unprovisioned mobile Ns ^tation an IP data packet comprising an IP 
packet header and an IP packet payload and replacing said IP packet 
header with a replacement I^vpacket header comprising an IP address 
of a selected one of at leas^: one provisioning server of said 
wireless network. 

2 . The security device set f o^th in Claim 1 wherein said 
first controller is disposed in at least\pne of said plurality of 
base stations. 

3. The security device set forth in Clan^m 1 wherein said 
first controller is disposed in a mobile switching\center of said 
wireless network. 
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\ 4 . The security device set forth in Claim 1 further 
comprising a second controller capable of determining that said 
unprovisioned mobile station is unprovisioned. 

5. TShe security device set forth in Claim 1 wherein said 
second controller determines that said unprovisioned mobile station 
is unprovisioneci if said unprovisioned mobile station is unable to 
authenticate to said wireless network. 

6. The security^ device set forth in Claim 1 wherein said 
second controller determines that said unprovisioned mobile station 
is unprovisioned accordingVto a predetermined telephone number 
associated with a service provisioning process selected by said 
unprovisioned mobile station. \ 

7. The security device set forth in Claim 1 wherein said 
second controller determines that said uVprovisioned mobile station 
is unprovisioned according to data retrieved from a home location 
register associated with said wireless network. 
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8 . The^security device set forth in Claim 1 wherein said 
first controller selects said least one provisioning server by 
selecting said IP address^i^said replacement IP packet header 
according to a load spreading algorit^tim. 
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9. A wireless network comprising: 

a plurality of base stations, each of said base stations 
capable oX. communicating with a plurality of mobile stations; 
at\least one provisioning server; and 

a security device capable of preventing an unprovisioned 
one of said plurality of mobile stations from accessing an Internet 
protocol (IP) data network through said wireless network, said 



\ 



security device comprisii 

a first controller capable of receiving from said 
unprovisioned mobile\station an IP data packet comprising 
an IP packet header\and an IP packet payload and 
replacing said IP packet\ header with a replacement IP 
packet header comprising an \EP address of a selected one 
of said at least one provisioning server. 



10. The wireless network set forth in \:iaim 9 wherein said 
first controller is disposed in at least one of\said plurality of 
base stations. 
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\ 11. The wireless network set forth in Claim 9 wherein said 
f irst\controller is disposed in a mobile switching center of said 
wirelessV network . 

12 . The\ wireless network set forth in Claim 9 further 
comprising a second controller capable of determining that said 
unprovisioned mobile station is unprovisioned. 

13 . The wireless network set forth in Claim 9 wherein said 
second controller determined that said unprovisioned mobile station 
is unprovisioned if said unprovisioned mobile station is unable to 
authenticate to said wireless network. 

14. The wireless network set forth in Claim 9 wherein said 
second controller determines that said unprovisioned mobile station 
is unprovisioned according to a predetermined telephone number 
associated with a service provisioning process selected by said 
unprovisioned mobile station. \ 
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15. Xttie wireless network set forth in Claim 9 wherein said 
second controller determines that said unprovisioned mobile station 
is unprovisioned ab<^ording to data retrieved from a home location 
register associated with^said wireless network. 

16. The wireless network sfet forth in Claim 9 wherein said 
first controller selects said leastNone provisioning server by 
selecting said IP address in said replacement IP packet header 
according to a load spreading algorithm. 



- 37 - 




ATTY. DOCKET NO. SAMS01- 00097 PATENT 

\ 17. For use in a wireless network comprising a plurality of 
basev stations, each of the base stations capable of communicating 
with plurality of mobile stations, a method of preventing an 
unprovis zoned one of the plurality of mobile stations from 
accessing an Internet protocol (IP) data network through the 
wireless network, the method comprising the steps of: 

receiving from the unprovisioned mobile station an IP 
data packet comprising an IP packet header and an IP packet 
payload; \ 

determining that the unprovisioned mobile station is 
unprovisioned; and \ 

replacing the IP packet header with a replacement IP 
packet header comprising an IP \ddress of a selected one of at 
least one provisioning server of tnte wireless network. 

18. The method set forth in Clairk 17 wherein the step of 
determining comprises the step of determining that the 
unprovisioned mobile station is unable to ^authenticate to the 
wireless network. \ 
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rS^ The method set forth in Claim 17 wherein the step of 
determining, comprises the step of determining that the 
unprovisioned mobile station' selected a predetermined telephone 
number associated with a service provisioning process. 

20. The method set r^rth in Claim 17 wherein the step of 
determining that the unprovisiohed mobile station is unprovisioned 
comprises the step of examining data\retrieved from a home location 
register associated with the wireless network. 
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